Control method based on user authentication using detection sensor and device using thereof

ABSTRACT

Disclosed is a control method of a control device, the control method including determining whether a movable object is located in a first area using a detection sensor, activating a first mode among operation modes of the control device when it is determined that the movable object is located in the first area, acquiring user confirmation information from a terminal when the first mode is activated wherein the user confirmation information corresponds to user-specific information stored in the terminal and is provided to the terminal by a server before the terminal provides the user confirmation information to the control device, transmitting processing request information based on the user confirmation information to the server so that the server performs processing on the user confirmation information, acquiring a processing result for the user confirmation information from the server, and providing the processing result for the user confirmation information to the terminal.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority to and the benefit of Korean PatentApplication No. 10-2020-0107374, filed on Aug. 25, 2020 and KoreanPatent Application No. 10-2021-0111298, filed on Aug. 23, 2021, thedisclosure of which is incorporated herein by reference in its entirety.

BACKGROUND 1. Field of the Invention

The present invention relates to a user authentication-based controlmethod using a detection sensor and a device using the same.

2. Discussion of Related Art

In the field of performing user authentication to manage access to abuilding or a specific area, payment processing, use of a specificdevice, and the like, a technique for improving convenience by utilizinga user terminal is used. In this technology, a user terminal has beenimplemented as a card key in the related art but has recently beengradually expanded to a mobile terminal such as a smartphone that a usercarries.

However, it may take a lot of time for a mobile terminal to acquireinformation necessary for user authentication compared to a conventionalcard key, and accordingly, there occurs an inconvenience in that a userfeels delayed.

In addition, in the case of conventional BLE communication, the requiredcommunication time varies depending on the operating system of a mobileterminal, or there is a problem of taking more time than expected totransmit and receive data.

SUMMARY OF THE INVENTION

The present disclosure is directed to providing a control method capableof enhancing the accuracy and security of user authentication regardlessof terminal performance.

The present disclosure is also directed to providing a control methodcapable of shortening the time taken for user authentication andprocessing corresponding to user authentication.

Technical solutions of the present disclosure are not limited to theaforementioned solutions, and other solutions that are not describedherein will be clearly understood by those skilled in the art from thefollowing description and the accompanying drawings.

According to an aspect of the present disclosure, there is provided acontrol method of a control device, the control method includingdetermining whether a movable object is located in a first area using adetection sensor, activating a first mode among operation modes of thecontrol device when it is determined that the movable object is locatedin the first area, acquiring user confirmation information from aterminal when the first mode is activated wherein the user confirmationinformation corresponds to user-specific information stored in theterminal and is provided to the terminal by a server before the terminalprovides the user confirmation information to the control device,transmitting processing request information based on the userconfirmation information to the server so that the server performsprocessing on the user confirmation information, acquiring a processingresult for the user confirmation information from the server, andproviding the processing result for the user confirmation information tothe terminal.

Also, wherein the operation mode of the control device is set to asecond mode when it is not determined that the movable object is locatedin the first area.

Also, wherein the first mode comprises an active mode in which thecontrol device is allowed to communicate with a terminal present in thefirst area, and wherein the second mode comprises an inactive mode inwhich the control device is not allowed to communicate with a terminalpresent in the first area.

Also, wherein when the first mode is activated, the control devicecommunicates with a terminal present in the first area and a terminalpresent in a second area indicating a predetermined communication areaother than the first area, and wherein when the second mode isactivated, the control device communicates with a terminal present inthe second area without communicating with a terminal in the first area.

Also, wherein the control device comprises a first communication unitconfigured to communicate with a terminal present in the first area anda second communication unit configured to communicate with a terminalpresent in the second area, and wherein the control unit performscontrol to drive the first communication unit and the secondcommunication unit when the first mode is activated, and wherein thecontrol unit performs control to drive the second communication unitwithout driving the first communication unit when the second mode isactivated.

Also, wherein the user-specific information comprises at least one ofidentification information of the terminal, identification informationof a user of the terminal, or information necessary for userauthentication.

Also, wherein the first mode comprises a central mode in which thecontrol device receives an advertising signal from the terminal andscans the terminal in response to receiving the advertising signal, andwherein the second mode comprises a peripheral mode in which the controldevice transmits an advertising signal to the terminal and is scanned bythe terminal in response to transmitting the advertising signal.

Also, wherein the first communication unit operates in a central mode inwhich the control device receives an advertising signal from theterminal and scans the terminal in response to receiving the advertisingsignal, and wherein the second communication unit operates in aperipheral mode in which the control device transmits an advertisingsignal to the terminal and is scanned by the terminal in response totransmitting the advertising signal.

Also, wherein the determining whether a movable object is located in afirst area using a detection sensor comprises acquiring a detectionsignal from the detection sensor when the movable object is located inthe first area and determining that the movable object is located in thefirst area when the detection signal is acquired.

Also, wherein the user confirmation information comprises a result foruser authentication that is performed by the server based on theuser-specific information, and wherein the processing requestinformation based on the user confirmation information comprises aprocessing request for a result of the user authentication.

Also, wherein the user confirmation information comprises informationfor confirming that the terminal is in the first area, wherein theprocessing request information based on the user confirmationinformation comprises a user authentication request that requests theserver to perform user authentication based on the user confirmationinformation, and wherein the processing result for the user confirmationinformation comprises a result of the user authentication.

According to another aspect of the present disclosure, there is provideda control method of a terminal, the control method including providinguser-specific information of the terminal to a server, acquiring userconfirmation information based on the user-specific information from theserver, providing the user confirmation information to a control device,wherein the user confirmation information is received by the controldevice when the terminal is located in a first area and the controldevice confirms that a movable object is located in the first areathrough a detection sensor placed inside or near the control device, andacquiring a processing result for the user confirmation information fromthe control device when processing request information based on the userconfirmation information is provided from the control device to theserver so that processing of the user confirmation information isperformed by the server.

Also, wherein the providing of user-specific information of the terminalto a server comprises transmitting the user-specific information of theterminal from the control device to the server in a second areaindicating a predetermined communication area other than the first area.

Also, wherein the providing of user-specific information of the terminalto a server comprises transmitting the user-specific information of theterminal to the control device so that the user-specific information ofthe terminal is transmitted to the server.

Also, wherein the providing of user-specific information of the terminalto a server comprises determining whether the terminal is located in thesecond area and providing the user-specific information of the terminalto the server when it is determined that the terminal is located in thesecond area.

Also, wherein the transmitting of the user-specific information of theterminal to the server comprises confirming a location of the terminalusing at least one of a signal received from the control device, asignal received from an external device, or a signal acquired from aglobal positioning system (GPS) sensor included in the terminal anddetermining whether the terminal is located in the second area on thebasis of the confirmed location of the terminal.

Technical solutions of the present disclosure are not limited to theaforementioned solutions, and other solutions that are not describedherein will be clearly understood by those skilled in the art from thefollowing description and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the presentdisclosure will become more apparent to those of ordinary skill in theart by describing in detail exemplary embodiments thereof with referenceto the accompanying drawings, in which:

FIG. 1 is a block diagram of a management system according to anembodiment;

FIG. 2 is a block diagram of a server according to an embodiment;

FIG. 3 is a block diagram of a terminal according to an embodiment;

FIG. 4 is a block diagram of a control device according to anembodiment;

FIG. 5 is a diagram illustrating a control device according to anembodiment;

FIG. 6 is a diagram illustrating an environment in which a controlmethod of a control device is implemented according to an embodiment;

FIG. 7 is a flowchart illustrating a control method of a control deviceaccording to an embodiment;

FIG. 8 is a flowchart illustrating a control method of a control deviceaccording to another embodiment;

FIG. 9 is a sequence diagram illustrating the operation of a managementsystem according to an embodiment;

FIG. 10 is a sequence diagram illustrating the operation of a managementsystem according to another embodiment; and

FIG. 11 is a flowchart illustrating a control method of a terminalaccording to an embodiment.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Embodiments described in the present disclosure have been made toclearly explain the concept of the present disclosure to those havingordinary skill in the art, and thus the present disclosure is notlimited to the embodiments described in the present disclosure. Thescope of the present disclosure should be interpreted as includingvariations and modifications within the spirit of the presentdisclosure.

The terms used in the present disclosure are selected from generalterms, which are currently widely used, on the basis of functions in thepresent disclosure, and may vary according to the intentions of those ofordinary skill in the art, precedents in the related art, or the advanceof new technology. When a specific term is defined and used with anarbitrary meaning, the meaning of the term will be described separately.Accordingly, the terms used in the present disclosure should beinterpreted on the basis of the real meanings of the terms and theentire description of the present disclosure, rather than the simplenames of such terms.

The accompanying drawings in the present disclosure are for facilitatingthe description of the present disclosure. The shape illustrated in thedrawings may be exaggerated for the purpose of convenience ofexplanation, so the present disclosure is not limited to the drawings.

In the present disclosure, a detailed description of related knownfunctions or configurations incorporated herein will be omitted asnecessary when it makes the subject matter of the disclosure ratherunclear.

An access management method and an access management device using thesame according to an embodiment of the present disclosure will bedescribed below.

FIG. 1 is a block diagram of a management system according to anembodiment.

Referring to FIG. 1, a management system 10000 may include a server1000, a terminal 2000, and a control device 3000.

The server 1000 may communicate with at least one of the control device3000 or the terminal 2000 to transmit or receive various pieces ofinformation.

According to an embodiment, the server 1000 may provide informationnecessary for user authentication to at least one of the control device3000 or the terminal 2000. Here, user authentication may refer toauthentication as to whether a user or a user terminal has specificauthority. For example, the user authentication may includeauthentication for various privileges such as access authorityauthentication as to whether a user or a user terminal has authority toaccess a specific area; payment authority authentication as to whether auser or a user terminal has authority to perform payment processing; useauthority authentication as to whether a user or a user terminal has anauthority to use a specific device, and operation mode settingauthentication as to whether a user or a user terminal has authority toset an operation mode of a specific device. Also, the server 1000 mayperform the user authentication and provide a result of theauthentication to at least one of the control device 3000 or theterminal 2000. Also, when the user authentication is performed by atleast one of the control device 3000 or the terminal 2000, the server1000 may acquire a result of the user authentication from at least oneof the control device 3000 or the terminal 2000.

Also, the server 1000 may perform processing corresponding to the userauthentication. For example, when the server 1000 receives a processingrequest for user authentication from the terminal 2000 or the controldevice 3000, the server 1000 may perform processing corresponding to theuser request or determine whether the processing corresponding to theuser request is to be performed by the terminal 2000 or the controldevice 3000 and may provide a result of the determination to theterminal 2000 or the control device 3000. Here, the processing for userauthentication may refer to a subsequent operation to be performed basedon the user authentication, such as controlling a user's access to aspecific area, controlling a user's payment processing, controlling auser's use of a specific device, or controlling the operation mode of aspecific device depending on the user authentication result.

Also, the terminal 2000 may communicate with at least one of the controldevice 3000 or the server 1000 to transmit or receive various pieces ofinformation. For example, the terminal 2000 may transmit or receiveinformation necessary for user authentication from or to the controldevice 3000. Also, the terminal 2000 may transmit data necessary for anaccess request and/or a setting change request to the control device3000 or the server 1000. Also, in some embodiments, the terminal 2000may perform the above-described user authentication.

Also, when user authentication is performed, the terminal 2000 may makea processing request for the user authentication from the control device3000 or the server 1000 and acquire a result of the processing requestfrom the control device 3000 or the server 1000. Also, the terminal 2000may acquire a result of whether the processing for user authenticationcan be performed from the control device 3000 or the server 1000 andperform the processing for user authentication on the basis of theresult.

Also, an application for performing some embodiments to be describedbelow may be provided to the terminal 2000.

Also, the terminal 2000 may be implemented with a smartphone, a tablet,a personal digital assistant (PDA), a notebook, a wearable device, etc.Alternatively, the terminal 2000 may be implemented with a smart card,an integrated circuit (IC) card, a magnetic card, a radio frequency (RF)chip, or the like, which is capable of recording data.

The control device 3000 may communicate with at least one of the server1000 or the terminal 2000 to transmit or receive various pieces ofinformation. Also, the control device 3000 may perform theabove-described various processes corresponding to the userauthentication result. For example, the control device 3000 may controla user's access to a specific area, control a user's payment processing,control a user's use of a specific device, or control the operation modeof a specific device depending on the user authentication result.

As a specific example, when a user's access to a specific area isrestricted by a gate, the control device 3000 may control the gate tocontrol the user's access to the specific area according to the userauthentication result. Here, the gate is a device that physicallyrestricts a user's access, and may include an access restriction device(e.g., an access bar, an access door, etc.). The control device 3000 mayallow a user's access by providing an unlock signal to the gateaccording to the user authentication result to control the gate to open.Also, the control device 3000 may disallow a user's access by preventingan unlock signal from being provided to the gate or providing a locksignal to the gate to control the gate to be closed depending on theuser authentication result. Also, in some embodiments, the controldevice 3000 may be placed inside or near the gate.

Also, when the control device 3000 controls payment processing, thecontrol device 3000 may perform a payment approval procedure. Forexample, the control device 3000 may receive a payment request from theterminal 2000 and may approve or disapprove the payment request on thebasis of the user authentication result. Also, in some embodiments, thepayment approval procedure may be performed by the server 1000. In thiscase, the control device 3000 may deliver the payment request receivedfrom the terminal 2000 to the server 1000 and may receive a result ofthe payment approval from the server 1000. Also, the control device 3000may perform various control operations on the basis of the paymentapproval result. For example, when the control device 3000 controls agate for access to public transportation, the control device 3000 maycontrol the gate on the basis of the payment approval result. Also, thecontrol device 3000 may provide the payment approval result to at leastone of the server 1000 or the terminal 2000. Also, when controlling theuse of a specific device according to the user authentication result,the control device 3000 may control the use of the specific devicethrough software installed in the specific device or control the use ofthe specific device by controlling a restriction device for physicallyrestricting the use of the specific device on the basis of the userauthentication result.

Also, when controlling the operation mode of the specific device, thecontrol device 3000 may set the operation mode of the specific device onthe basis of the user authentication result. For example, when thecontrol device 3000 controls an access control device for managingaccess to a specific area, the control device 3000 may control theaccess control device in a security mode that increases a security levelin the specific area or control the access control device in a normalmode in which the security mode is released on the basis of the userauthentication result. Also, in some embodiments, the access controldevice may be included in the control device 3000.

The processing for user authentication may also be performed by theserver 1000 or the terminal 2000.

Also, in some embodiments, the control device 3000 may perform anoperation for the above-described user authentication. This will bedescribed in detail below.

Also, when user authentication is performed, the control device 3000 maymake a processing request for user authentication from the terminal 2000or the server 1000 and acquire a result of the processing request fromthe terminal 2000 or the server 1000. Also, the control device 3000 mayacquire a result of whether the user authentication can be processedfrom the terminal 2000 or the server 1000 and perform the processing foruser authentication on the basis of the result.

However, the block diagram shown in FIG. 1 is just an example forconvenience of description, and the present invention is not limitedthereto. According to some embodiments, any element may be added to theblock diagram of FIG. 1, and the elements shown in FIG. 1 may beexcluded or subdivided.

FIG. 2 is a block diagram of a server according to an embodiment.

Referring to FIG. 2, the server 1000 may include a server communicationunit 1100, a server input unit 1200, a server storage unit 1300, aserver display unit 1400, and a server control unit 1500.

The server communication unit 1100 may communicate with at least one ofthe terminal 2000 or the control device 3000. As another example, theserver communication unit 1100 may transmit biometric information to bestored in the control device 3000 to the terminal 2000.

Also, the server communication unit 1100 may include mobilecommunication modules such as Bluetooth low energy (BLE), Bluetooth,wireless local area network (WLAN), wireless fidelity (WiFi), WiFiDirect, near field communication (NFC), infrared data association(IrDA), ultra wide band (UWB), Zigbee, 3G, 4G, and 5G and other wired orwireless modules capable of transmitting data through variouscommunication standards.

The server input unit 1200 may acquire an electrical signalcorresponding to a user input. The server input unit 1200 may include akeypad, a keyboard, a switch, a button, and a touchscreen.

The server storage unit 1300 may store various kinds of data. Forexample, the server storage unit 1300 may store information necessaryfor user authentication (e.g., user authorization information,user-specific information (or a user's or terminal's identificationinformation and identification information necessary for paymentprocessing (e.g., a user's card information, authentication informationcorresponding to card information, etc.), a user's biometricinformation, password information, etc.)) or information regarding auser authentication result.

Also, the server storage unit 1300 may store information acquired fromthe terminal 2000 or the control device 3000. Also, the server storageunit 1300 may store a program necessary for operation of the server1000.

The server storage unit 1300 may include at least one type of storagemedium selected from among a flash memory-type memory, a hard disk-typememory, a multimedia card micro-type memory, a card-type memory (e.g.,an SD or XD memory), a random access memory (RAM), a static randomaccess memory (SRAM), a read-only memory (ROM), an electrically erasableprogrammable read-only memory (EEPROM), a programmable read-only memory(PROM), a magnetic memory, a magnetic disk, and an optical disc. Also,the memory may store information temporarily, permanently, orsemi-permanently and may be provided as a built-in-type orremovable-type memory.

Also, the server display unit 1400 may output visual information. Forexample, the server display unit 1400 may be a liquid crystal display(LCD), an organic light-emitting diode (OLED) display, an active-matrixorganic light-emitting diode (AMOLED) display, etc.

Also, the server control unit 1500 may control each element of theserver 1000 or may process and compute various kinds of information.Also, among steps that will be described in the following methods, theserver control unit 1500 may control operations for carrying out somesteps that are performed by the server 1000 or may perform computationsnecessary to carry out the steps.

The server control unit 1500 may be implemented with software, hardware,or a combination thereof. For example, with hardware, the server controlunit 1500 may be implemented with a field-programmable gate array(FPGA), an application-specific integrated circuit (ASIC), asemiconductor chip, and various other types of electronic circuits. Asanother example, with software, the server control unit 1500 may beimplemented with logic programs or various kinds of computer languageswhich are performed by the hardware.

The server 1000 does not necessarily have to include all of theabove-described elements, and some of the elements may be selectivelyexcluded. For example, when the server 1000 does not provide directvisual information, the server display unit 1400 may be excluded fromthe server 1000. Also, an element for performing an additional functionand operation may be selectively added to the server 1000.

FIG. 3 is a block diagram of a terminal according to an embodiment.

Referring to FIG. 3, the terminal 2000 may include a terminalcommunication unit 2100, a terminal display unit 2200, a terminal inputunit 2300, a location information collection unit 2400, a terminalstorage unit 2500, a terminal control unit 2600, and a terminalbiometric-information input unit 2700.

The terminal communication unit 2100 may communicate with at least oneof the server 1000 or the control device 3000. For example, the terminalcommunication unit 2100 may transmit or receive information necessaryfor user authentication or user authentication result information to orfrom at least one of the server 1000 or the control device 3000.

Also, the terminal communication unit 2100 may include mobilecommunication modules such as BLE, Bluetooth, WLAN, WiFi, WiFi Direct,NFC, IrDA, UWB, Zigbee, 3G, 4G, and 5G and other wired or wirelessmodules capable of transmitting data through various communicationstandards.

The terminal display unit 2200 may output various pieces of visualinformation. For example, the terminal display unit 2200 may output theinformation when the control device 3000 is detected throughcommunication with the control device 3000 and communication isestablished. Also, the terminal display unit 2200 may visually output auser authentication result. Also, the terminal display unit 2200 mayvisually output a message received from the server 1000. Also, theterminal display unit 2200 may visually output a screen for inputtingsetting change information in order to change the settings of thecontrol device 3000.

The terminal display unit 2200 may be an LCD display, an OLED display,an AMOLED display, or the like. When the terminal display unit 2200 isprovided as a touchscreen, the terminal display unit 2200 may functionas the terminal input unit 2300. In this case, a separate terminal inputunit 2300 may not be selectively provided, and a terminal input unit2300 configured to perform limited functions such as a volume controlfunction, a power button function, and a home button function may beprovided.

The terminal input unit 2300 may acquire a signal corresponding to auser input. For example, the terminal input unit 2300 may acquire aninput for requesting user authentication from the server 1000 or thecontrol device 3000. Also, the terminal input unit 2300 may acquire aninput for acquiring information necessary for user authentication (e.g.,user authorization information, user-specific information (or a user'sor terminal's identification information, identification informationnecessary for payment processing (e.g., a user's card information,authentication information corresponding to card information, etc.), auser's biometric information, password information, etc.)). Also, theterminal input unit 2300 may receive setting change information tochange the settings of the control device 3000.

Also, the terminal input unit 2300 may be implemented with, for example,a keyboard, a keypad, a button, a jog dial, or a wheel. Also, the userinput may be, for example, a button press, a touch, or a drag. When theterminal display unit 2200 is implemented with a touchscreen, theterminal display unit 2200 may serve as the terminal input unit 2300.

The location information collection unit 2400 may acquire locationinformation for the terminal 2000 to determine its location. Forexample, the location information collection unit 2400 may acquirecoordinate information for determining a location, like a GPS sensor. Asanother example, the location information collection unit 2400 maydetermine the location of the terminal 2000 on the basis of a signalreceived from an external device. For example, when the terminal 2000receives a signal indicating a specific area from the control device3000, the terminal 2000 may confirm the specific area in response toreceiving the signal.

Also, the terminal storage unit 2500 may store various kinds of data.For example, the terminal storage unit 2500 may store informationnecessary for operation of the terminal 2000 (e.g., informationnecessary for user authentication (e.g., user authorization information,user-specific information (or a user's or terminal's identificationinformation, identification information necessary for payment processing(e.g., a user's card information, authentication informationcorresponding to card information, etc.), a user's biometricinformation, password information, etc.))).

The terminal storage unit 2500 may include at least one type of storagemedium selected from among a flash memory-type memory, a hard disk-typememory, a multimedia card micro-type memory, a card-type memory (e.g.,an SD or XD memory), a RAM, an SRAM, a ROM, an EEPROM, a PROM, amagnetic memory, a magnetic disk, and an optical disc. Also, the memorymay store information temporarily, permanently, or semi-permanently andmay be provided as a built-in-type or removable-type memory.

The terminal control unit 2600 may control each element of the terminal2000 or may process and compute various kinds of information. Also, theterminal control unit 2600 may acquire signals from some elementsincluded in the terminal 2000. Also, among steps that will be describedin the following methods, the terminal control unit 2600 may controloperations for carrying out some steps that are performed by theterminal 2000 or may perform computations necessary to carry out thesteps.

The terminal control unit 2600 may be implemented with software,hardware, or a combination thereof. For example, with hardware, theterminal control unit 2600 may be implemented with an FPGA, an ASIC, asemiconductor chip, and various other types of electronic circuits. Asanother example, with software, the terminal control unit 2600 may beimplemented with logic programs or various kinds of computer languageswhich are performed by the hardware.

The terminal biometric-information input unit 2700 may receive a user'sbiometric information. The biometric information may refer to at leastone of the user's voice information, fingerprint information, irisinformation, face information, and vein information. The terminalbiometric-information input unit 2700 may be implemented with at leastone of a microphone through which the user's voice information is input,a screen scanner through which the user's fingerprint information isinput, and a camera through which the user's iris information, faceinformation, and vein information are input.

The terminal 2000 does not necessarily have to include all of theabove-described elements, and some of the elements may be selectivelyexcluded. For example, when the terminal 2000 does not receive biometricinformation, the terminal biometric-information input unit 2700 may beexcluded from the terminal 2000. Also, an element for performing anadditional function and operation may be selectively added to theterminal 2000.

FIG. 4 is a block diagram of a control device according to anembodiment.

Referring to FIG. 4, the control device 3000 may include a communicationunit 3100, a display unit 3200, a sound output unit 3300, a sensor unit3400, a storage unit 3500, a power unit 3600, a control unit 3700, abiometric-information input unit 3800, and an input unit 3900.

The communication unit 3100 may communicate with at least one of theserver 1000 or the terminal 2000. For example, the communication unit3100 may transmit or receive information necessary for userauthentication or user authentication result information to or from atleast one of the server 1000 or the terminal 2000.

As another example, the communication unit 3100 may receive a settingchange signal from the terminal 2000. Also, the communication unit 3100may transmit result information obtained by performing a setting changeto the terminal 2000.

The communication unit 3100 may mainly communicate according to wirelesscommunication standards but may include mobile communication modulessuch as BLE, Bluetooth, WLAN, WiFi, WiFi Direct, NFC, IrDA, UWB, Zigbee,3G, 4G, and 5G and other wired or wireless modules capable oftransmitting data through various communication standards. Also, thecommunication unit 3100 may include a short-range wireless module thatsupports NFC, RFID, or the like.

In an embodiment, the communication unit 3100 may include a firstcommunication unit (not shown) and a second communication unit (notshown).

In an embodiment, the first communication unit (not shown) and thesecond communication unit (not shown) may be configured to havedifferent communication areas. For example, the first communication unit(not shown) may be configured to communicate with an area relativelyclose to the control device 3000 or the sensor unit 3400 (e.g., a firstarea described with reference to FIGS. 6 to 11), and the secondcommunication unit (not shown) may be configured to communicate with anarea relatively far from the control device 3000 or the sensor unit 3400or the remaining area (e.g., a second area described with references toFIGS. 6 to 11) excluding the communication area of the firstcommunication unit (not shown).

For example, the first communication unit (not shown) and the secondcommunication unit (not shown) may be set to have differentcommunication distances. As an example, the first communication unit(not shown) may be set to have a communication distance that is the sameas or different from the sensing distance of the sensor unit 3400 by apredetermined distance or less, and the second communication unit (notshown) may be set to have a longer communication distance than the firstcommunication unit (not shown). In this case, the second communicationunit (not shown) may be set not to communicate over a communicationdistance in which the first communication unit (not shown) cancommunicate. For example, the second communication unit (not shown) mayfilter out a signal received in the communication distance in which thefirst communication unit (not shown) can communicate.

Also, the first communication unit (not shown) may operate in a centralmode, which will be described below, and the second communication unit(not shown) may communicate in a peripheral mode. Thus, the firstcommunication unit (not shown) may communicate with a terminalcommunicating in the peripheral mode, and the second communication unit(not shown) may communicate with a terminal operating in the centralmode. As an example, when a terminal in a second area operates in thecentral mode, the second communication unit (not shown) may communicatewith the terminal, and the first communication unit (not shown) may notcommunicate with the terminal. Also, when a terminal in the first areaoperates in the peripheral mode, the first communication unit (notshown) may communicate with the terminal, and the second communicationunit (not shown) may not communicate with the terminal. In some cases,it will be appreciated that the first communication unit (not shown) maycommunicate in the peripheral mode and the second communication unit(not shown) may communicate in the central mode.

The display unit 3200 may output information to be visually provided toa user.

For example, when a door opening signal is received, the display unit3200 may output visual information indicating the reception. Also, whena setting change signal is received, the display unit 3200 may outputvisual information indicating the reception.

The display unit 3200 may be an LCD display, an OLED display, an AMOLEDdisplay, or the like. When the display unit 3200 includes a touch panel,the display unit 3200 may operate as a touch-based input device.

The sound output unit 3300 may output information to be auditorilyprovided to a user. For example, when a door opening signal is received,the display unit 3200 may output auditory information indicating thereception. Also, when a setting change signal is received, the displayunit 3200 may output auditory information indicating the reception.

The sound output unit 3300 may be a speaker, a buzzer, or the like,which outputs sound.

The sensor unit 3400 may acquire an external environment signal requiredfor the control device 3000. For example, the sensor unit 3400 may checkwhether a movable object (e.g., a user) is present near the controldevice 3000. Also, the sensor unit 3400 may be placed inside or near thecontrol device 3000. Also, in some embodiments, the sensor unit 3400 maynot be included in the control device 3000. In this case, a separatesensor may be placed near the control device 3000.

The sensor unit 3400 may be implemented based on various configurations.For example, the sensor unit 3400 may be implemented based on variousdevices such as an infrared sensor, a camera, and a wirelesscommunication device (e.g., a Bluetooth communication device). As anexample, when the sensor unit 3400 includes an infrared sensor, anoutput signal of the sensor unit 3400 may be changed or output when auser passes through a gate. Based on the change or output of the outputsignal, the sensor unit 3400 may determine whether the user is locatednear the gate. As another example, when the sensor unit 3400 includes acamera, the sensor unit 3400 may track a user's movement on the basis ofimages acquired by the camera and may detect whether the user is locatednear the gate on the basis of the tracking result. As another example,when the sensor unit 3400 includes a wireless communication device, thewireless communication device and a user's terminal may communicate, andthe sensor unit 3400 may detect whether the user is located near thegate on the basis of a received signal strength indication at thewireless communication device or the received signal strength indicationat the terminal.

For example, according to an embodiment, the sensor unit 3400 mayacquire a signal about a distance between a user and an object or thelike. As another example, the sensor unit 3400 may acquire a signalnecessary for the control device to determine a location.

Various kinds of information may be stored in the storage unit 3500. Forexample, the storage unit 3500 may store a program for performing acontrol operation of the control unit 3700 and may store data receivedfrom the outside, data generated by the control unit 3700, etc. Also,the storage unit 3500 may store information necessary for operation ofthe control device 3000 (e.g., information necessary for userauthentication (e.g., user authorization information, useridentification information (e.g., a user's or terminal's identificationinformation, a user's biometric information, password information,etc.))) and user authentication result information.

The storage unit 3500 may include at least one type of storage mediumselected from among a flash memory-type memory, a hard disk-type memory,a multimedia card micro-type memory, a card-type memory (e.g., an SD orXD memory), a RAM, an SRAM, a ROM, an EEPROM, a PROM, a magnetic memory,a magnetic disk, and an optical disc. Also, the memory may storeinformation temporarily, permanently, or semi-permanently and may beprovided as a built-in-type or removable-type memory.

The power unit 3600 may provide power necessary to lock or unlock thegate. Also, the power unit 3600 may provide power necessary to open orclose the gate. The power unit 3600 may be provided as a motor, asolenoid, an actuator or the like.

When the power unit 3600 provides the power necessary to lock or unlockthe gate, the power unit 3600 may provide power so that a locking unit(not shown) for locking or unlocking the gate is in a locked state or anunlocked state or changed to the locked state or the unlocked state. Thelocking unit may be provided as, for example, a deadbolt, a latch bolt,or a combination thereof. Also, the locking unit is not limited to thedeadbolt and latch bolt, which have been described as an example, andtypical locking units may be utilized.

In some embodiments, the power unit 3600 may or may not be included inthe control device 3000. Also, the power unit 3600 may be placed nearthe control device 3000 in the form of a separate device. In this case,the control device 3000 may provide a signal for controlling the powerunit 3600 to the power unit 3600. Also, the above-described locking unitmay also be included in the control device 3000 and may be placed nearthe control device 3000 or controlled by the control device 3000.

The control unit 3700 may control each element of the control device3000 or may process and compute various kinds of information. Also, thecontrol unit 3700 may acquire signals from some elements included in thecontrol device 3000. Also, among steps that will be described in thefollowing methods, the control unit 3700 may control operations forcarrying out some steps that are performed by the control device 3000 ormay perform computations necessary to carry out the steps.

The control unit 3700 may be implemented with software, hardware, or acombination thereof. For example, with hardware, the control unit 3700may be implemented with an FPGA, an ASIC, a semiconductor chip, andvarious other types of electronic circuits. As another example, withsoftware, the control unit 3700 may be implemented with logic programsor various kinds of computer languages which are performed by thehardware.

The biometric-information input unit 3800 may receive a user's biometricinformation. For example, the biometric-information input unit 3800 mayreceive at least one of the user's voice information, fingerprintinformation, iris information, face information, and vein information.The biometric-information input unit 3800 may be implemented with atleast one of a microphone through which the user's voice information isinput, a screen scanner through which the user's fingerprint informationis input, and a camera through which the user's iris information, faceinformation, and vein information are input.

The input unit 3900 may be configured to receive various inputs. Forexample, the input unit 3900 may acquire an input for requesting userauthentication from the server 1000 or the terminal 2000. Also, theinput unit 3900 may acquire an input for acquiring information necessaryfor user authentication (e.g., a user's or a user terminal'sidentification information, password information, biometric information,etc.). Also, the input unit 3900 may receive setting change informationto change the settings of the control device 3000.

Also, the input unit 3900 may receive a user authentication request froma user. For example, when the user authentication is authentication of auser's access to a specific area, the control device 3000 may receive aninput for opening a door, drive the power unit 3600 to open the door, orallow an access authentication request signal to be transmitted to theserver 1000 or the terminal 2000. For example, the control device 3000may be implemented with a keyboard, a keypad, a button, a switch, a jogdial, or a wheel. Also, the user input may be, for example, a switchpress, a button press, a touch, or a drag. When the display unit 3200 isimplemented with a touchscreen, the display unit 3200 may serve as theinput unit 3900.

The control device 3000 according to an embodiment of the presentdisclosure does not necessarily have to include all of the aboveelements, and some of the elements may be selectively excluded.

The management system 10000 according to an embodiment of the presentdisclosure may be implemented to include at least one control device3000. As an example, the management system 10000 may include a controldevice 3000 including a communication unit 3100 and a control unit 3700.As a specific example, the control device 3000 may receive informationacquired from the terminal 2000 through the communication unit 3100,which functions as a reader, may analyze the acquired informationthrough the control unit 3700, which functions as a controller, and mayperform a function of controlling operations such as access management,time and attendance management, and a system mode change.

Also, an element for performing an additional function and operation maybe selectively provided to the control device 3000.

FIG. 5 is a diagram illustrating a control device according to anembodiment.

Referring to FIG. 5, in some embodiments, the control device 3000 mayinclude a plurality of devices. For example, the control device 3000 mayinclude a first control device 4000 and a second control device 5000.

As a specific example, the first control device 4000 may serve tocommunicate with an external device, and the second control device 5000may serve to control the first control device 4000. As an example, thefirst control device 4000 may receive information acquired from at leastone of the server 1000 or the terminal 2000 through a communication unitfunctioning as a reader and may transmit the acquired information to thesecond control device 5000 through a communication unit connected to thesecond control device 5000 in a wired or wireless communication manner.In this case, when the second control device 5000 receives theinformation from the first control device 4000, the second controldevice 5000 may perform a function of controlling operations such asaccess management, time and attendance management, and a system modechange on the basis of the information received through the controlunit.

In addition, as another example, the first control device 4000 mayinclude the first communication unit that has been described above, thesecond control device 5000 may include the second communication unitthat has been described above, and vice versa.

Also, as another example, the first control device 4000 and the secondcontrol device 5000 may perform the same function. For example, whenthere are two gates, the first control device 4000 may be placed at thefirst gate, and the second control device 5000 may be placed at thesecond gate. An operation for user authentication may be performed atthe gates where the first control device 4000 and the second controldevice 5000 are placed.

Also, as another example, the first control device 4000 and the secondcontrol device 5000 may include respective communication units, andcommunication standards supported by the communication units may bedifferent. As an example, the second control device 5000 may support acommunication scheme not supported by the first control device 4000 aswell as a communication scheme supported by the first control device4000. For example, when the first control device 4000 and the secondcontrol device 5000 are in the form of readers, the second controldevice 5000 may support the communication scheme not supported by thefirst control device 4000. Thus, the first control device 4000 may beexpressed as a legacy reader, and the second control device 5000 may beexpressed as a sub-reader.

As a specific example, the communication unit of the first controldevice 4000 may support a short-range wireless communication standardsuch as NFC and RFID, and the communication unit of the second controldevice 5000 may support a wireless communication standard such as BLE orBluetooth. In this case, when the communication unit 2100 of theterminal 2000 supports BLE communication, the first control device 4000and the terminal 2000 may not be able to communicate with each other. Atthis time, when the wireless communication standards supported by thesecond control device 5000 and the terminal 2000 match each other, thesecond control device 5000 may receive data from the terminal 2000 andtransmit the received data to the first control device 4000. Forexample, the second control device 5000 may receive BLE format data thatis used in the BLE from the terminal 2000, convert the BLE format datainto RFID format data that is used in the RFID and that isunderstandable by the first control device 4000, and transmit theconverted data to the first control device 4000. Similarly in theopposite case, after the second control device 5000 receives the RFIDformat data from the first control device 4000, the second controldevice 5000 may convert the RFID format data into BLE format data andtransmit the converted data to the terminal 2000. That is, the secondcontrol device 5000 serves to help the first control device 4000communicate with the terminal 2000 in a communication scheme notsupported by the first control device 4000.

The management system 10000 associated with various embodiments and theelements, operations, terms, and the like included in the managementsystem 10000 have been described above. The above-described managementsystem 10000 and the elements, operations, terms, and the like includedin the management system 10000 may be applied to various methods andembodiments which will be described below. However, it should be notedthat the following management system 10000 does not necessarily have tobe configured to have the above-described elements and functions and maybe applied even to a management system having a different configurationfrom the above-described management system 10000.

FIG. 6 is a diagram illustrating an environment in which a controlmethod of a control device is implemented according to an embodiment.

Referring to FIG. 6, the control device 3000 may be placed inside ornear the gate 6000. The control device 3000 may control the gateaccording to a user authentication result and/or processingcorresponding to a user authentication result. For example, when thegate 6000 is used to control access to the inside of the gate, thecontrol device 3000 may control the opening or closing of the gate 6000so that a user can enter through the gate 6000 or exit through the gate6000 on the basis of the user authentication result. Also, in order toenter and exit through the gate 6000, when payment for product purchase,public transportation boarding, etc. are accompanied, the control device3000 may control the gate 6000 on the basis of a payment processingresult corresponding to user authentication.

As a specific embodiment, the control device 3000 may acquireinformation necessary for user authentication from the terminal 2000,perform user authentication based on the acquired information, ortransmit the acquired information to a server (not shown) so that userauthentication is performed in the server. Also, when the control device3000 acquires a user authentication result, the control device 3000 mayperform processing corresponding to the user authentication result ormay transmit a processing request corresponding to the userauthentication result to the server 1000.

For example, when the control device 3000 communicates with the terminal2000 using a wireless communication scheme and the terminal 2000 islocated in the first area 100, the control device 3000 may determinethat a user of the terminal 2000 intends to perform user authentication,acquire information necessary for user authentication from the terminal2000, or perform the user authentication or provide the informationnecessary for user authentication to a server (not shown). Also, whenuser authentication has been previously performed and the terminal 2000is located in the first area 100, the control device 3000 may determinethat the user of the terminal 2000 intends to perform userauthentication according to the user authentication result, acquire aprocessing request corresponding to the user authentication result fromthe terminal 2000, and/or provide the processing request correspondingto the user authentication result to the server 1000.

For example, the control device 3000 may determine whether the terminal2000 is located in the first area 100 using the received signal strengthindication (e.g., RSSI) of a signal received from the terminal 2000.However, the accuracy of positioning of the terminal 2000 may be lowwhen using only the received signal strength indication of the receivedsignal. Accordingly, when the terminal 2000 is not accuratelypositioned, user authentication may be performed on a user of theterminal 2000 or processing corresponding to a user authenticationresult may be performed even when the terminal 2000 is not located inthe first area 100 but is located in the second area 200, which isfarther from the gate 6000 than the first area 100, or is outside thefirst area 100 and the second area 200. Accordingly, an error such asthe gate 6000 being erroneously opened may occur.

In order to prevent such an error, the control device 3000 mayaccurately determine whether the user of the terminal 2000 is located inthe first area 100 using a detection sensor 7000 and may perform anoperation for performing user authentication or processing correspondingto a user authentication result when the user of the terminal 2000 isdetermined to be located in the first area 100. In some embodiments, thedetection sensor 7000 may be located inside or near the control device3000 or the gate 6000. Also, the detection sensor 7000 may refer to theabove-described sensor unit 3400. When the detection sensor 7000 isplaced near the control device 3000 or the gate 6000, the detectionsensor 7000 and the control device 3000 may perform wired communicationin a wired manner or perform wireless communication in variouscommunication schemes.

FIG. 7 is a flowchart illustrating a control method of a control deviceaccording to an embodiment.

Referring to FIG. 7, the control method of the control device mayinclude determining whether a movable object is located in a first areausing a detection sensor (S100), changing an operation mode of thecontrol device when it is determined that the movable object is locatedin the first area (S200), acquiring information necessary for userauthentication from a terminal (S300), and acquiring a result of theuser authentication on the basis of the information necessary for userauthentication (S400).

In operation S100, the control device may acquire a detection signalfrom the detection sensor. Here, the detection sensor may be placedinside or near the control device. The description of the sensor unit3400 of the above-described control device and the description withreference to FIG. 6 may be applied to the detection sensor, and thus adetailed description thereof will be omitted.

In an embodiment, the detection sensor may transmit a detection signalto the control device when a movable object is located within thedetection range. When a detection signal is received from the detectionsensor, the control device may determine that a movable object islocated within the detection range of the detection sensor.

As an example, the detection range of the detection sensor may beshorter than a wireless communication distance between a user's terminaland the control device. For example, the detection range of thedetection sensor may be shorter than a Bluetooth or BLE communicationrange between a user's terminal and the control device. This is becausethe user approaches the control device when he or she intends to performuser authentication or to perform processing corresponding to userauthentication in the control device, and thus the possibility that heor she is located in the detection range of the detection sensor may behigh. On the other hand, when the user does not intend to perform userauthentication or to perform processing corresponding to userauthentication, he or she may be separated from the control device, andthus the possibility that he or she is located in the detection range ofthe detection sensor may be low even though he or she is located at alocation where the control device and his or her terminal cancommunicate with each other.

For convenience of description, hereinafter, the detection range of thedetection sensor is referred to as a first area, and an area other thanthe first area is referred to as a second area. However, in some cases,the second area may refer to an area where the control device and auser's terminal can perform wireless communication.

Also, in operation S200, the control device may change the operationmode according to whether a movable object is located in the first area.That is, the operation mode of the control device when there is amovable object in the first area may be different from the operationmode of the control device when no movable object is in the first area.

In an embodiment, when a movable object is located in the first area,the communication mode of the control device may be changed. Through thechange of the communication mode, the control device may activate ordeactivate communication between the control device and a terminal inthe first area. For example, when it is determined that no movableobject is located in the first area, the control device may set thecommunication mode to be an inactive mode. Accordingly, the controldevice and the terminal do not communicate with each other, and thususer authentication or processing corresponding to a user authenticationresult may not be performed. As an example, when a user is located inthe second area rather than in the first area or is located in otherareas, the communication mode of the control device may be set to be aninactive mode, and thus the control device and the user's terminal maynot communicate.

Also, when it is determined that there is a movable object in the firstarea, the control device may set the communication mode to be an activemode. Therefore, the control device and the terminal may communicatewith each other, and user authentication or processing corresponding toa user authentication result may be performed when the control devicereceives a user authentication request from the terminal. As an example,when a user is located in the first area and the communication mode ofthe control device is set to be an active mode, the control device andthe user's terminal may communicate.

As another example, when it is determined that there is a movable objectin the first area, the control device may set the communication mode tobe a first-area active mode in which the control device can communicatewith a terminal present in the first area. Accordingly, the controldevice may communicate with the terminal present in the first area, anduser authentication or processing corresponding to a user authenticationresult may also be performed. In this case, in some embodiments, thecontrol device may communicate with another terminal present in thesecond area. For example, in the first-area active mode, the controldevice may activate both of a first communication unit that communicateswith a terminal present in the first area and a second communicationunit that communicates with a terminal present in the second area.

Also, when it is not determined that there is a movable object in thefirst area, the control device may set the communication mode to be afirst-area inactive mode capable of not communicating with the terminalpresent in the first area but communicating with a terminal present inthe second area. Accordingly, the control device may communicate withthe terminal present in the second area rather than communicating withthe terminal present in the first area. As an example, when a terminalis located in the second area, the control device may acquireinformation necessary for user authentication from the terminal, andthus the user authentication may be performed by the control device orthe server. However, when a processing request corresponding to a userauthentication result is set to be acquired by the control device when aterminal is located in the first area, the processing requestcorresponding to the user authentication result cannot be acquired whenthe terminal is located in the second area, and thus processingcorresponding to the user authentication result may not be performed.

As another example, when it is determined that no movable object islocated in the first area, the control device may set the communicationmodule to a receiving mode. Thus, when a terminal is not located in thefirst area, the control device may receive information from the terminalbut may not transmit information to the terminal. In some cases, thecontrol device may communicate with a server.

However, even when the control device is in the receiving mode, thecontrol device may transmit, to a terminal, information necessary toestablish or maintain communication with the terminal but may nottransmit other information (e.g., information having a data size greaterthan or equal to a predetermined size, information necessary for userauthentication, information regarding a user authentication result,etc.) to the terminal. Also, in some cases, the control device maytransmit specific information to the terminal if necessary even when thecontrol device is in the receiving mode. For example, when specificinformation to be transmitted to a terminal is received from a server,the control device may transmit the corresponding information to theterminal. Also, when it is determined that there is a movable object inthe first area, the control device may set the communication mode to bea transceiving mode. Thus, the control device may transmit or receiveinformation to or from the terminal. For example, in the case of thetransceiving mode, the control device may transmit a user authenticationresult or a result of processing a user authentication result to theterminal.

Also, in another embodiment, when the control device and the terminalperform Bluetooth or BLE communication or other wireless communication,the control device may include a central mode or a peripheral mode as acommunication mode through a change of the communication mode.

When the control device is in the central mode, a terminal may transmitan advertising signal, and the control device may scan the advertisingsignal to establish communication between the control device and theterminal. In this case, the terminal may communicate in the peripheralmode.

Also, when the control device is in the peripheral mode, the controldevice may transmit an advertising signal, and the control device mayscan the advertising signal to establish communication between thecontrol device and the terminal. In this case, the terminal maycommunicate in the central mode. More specifically, when the terminalcommunicates only in the central mode, Bluetooth signal strengthreceived from the terminal is a criterion for communication connectionrecognition, but the deviation of the corresponding signal strength maybe quite large between terminal manufacturers or between terminals. Thatis, in this case, although the connection and data transfer between thecontrol device and the terminal are fast, signal reception may bedelayed, and signals may be received beyond a specific distance.Accordingly, a malfunction may occur, and thus it may be difficult toaccurately control timing.

To solve this problem, the control device and the terminal maycommunicate while changing the communication mode to the central mode orthe peripheral mode depending on the location of the terminal.

Also, the control device may communicate using a first communicationunit and a second communication unit. For example, the firstcommunication unit may communicate in the central mode, and the secondcommunication unit may communicate in the peripheral mode. When it isdetermined that there is a movable object in the first area, the controldevice may activate the first communication unit to communicate with aterminal present in the first area. In this case, the control deviceaccording to an embodiment may activate the second communication unit.Accordingly, the control device may communicate with the terminalpresent in the first area while communicating with another terminalpresent in the second area. Also, when it is determined that no movableobject is in the first area, the control device may not communicate withthe terminal present in the first area by deactivating the firstcommunication unit. It will be appreciated that, in this case, thesecond communication unit may be activated.

This will be described in detail with reference to FIG. 10.

Also, in operation S300, the control device may acquire informationnecessary for user authentication from the terminal. Here, theinformation necessary for user authentication may include userauthentication request information, user-specific information (or auser's or a terminal's identification information, identificationinformation necessary for payment processing (e.g., a user's cardinformation, authentication information corresponding to cardinformation, etc)), a user's biometric information, passwordinformation, etc.), and the like.

When the terminal is located in the first area close to the controldevice, the control device may confirm that the user of the terminalintends to request user authentication by acquiring informationnecessary for user authentication.

In another embodiment, the control device may acquire some of theinformation necessary for user authentication when the terminal islocated in the second area and may acquire the remainder of theinformation necessary for user authentication to confirm the entirety ofthe information necessary for user authentication in the first area whenthe terminal is located in the first area. For example, when the controldevice and the terminal communicate via Bluetooth and the terminal islocated in the second area, the control device may communicate in theperipheral mode, and the terminal may communicate in the central mode.In this case, the control device may acquire some of the informationnecessary for user authentication from the terminal. Subsequently, whenthe terminal is located in the first area, the operation modes of theterminal and the control device may be switched so that the controldevice may communicate in the central mode and the terminal maycommunicate in the peripheral mode. In this case, by acquiring theremainder of the information necessary for user authentication from theterminal, the control device may acquire the entirety of the informationnecessary for user authentication when the terminal is located in thesecond area. Thus, when the terminal is located in the first area closeto the control device, the control device may confirm that the user ofthe terminal intends to request user authentication by acquiring theentirety of the information necessary for user authentication.

In another embodiment, when the terminal is located in the second area,the control device may acquire the entirety of the information necessaryfor user authentication. However, at this time, a user authenticationresult may not be acquired by the control device. Subsequently, when itis determined that the terminal is located in the first area, thecontrol device may acquire a user authentication result using thepreviously acquired information necessary for user authentication.

Also, in operation S400, the control device may acquire a result of theuser authentication on the basis of the information necessary for userauthentication. In an embodiment, user authentication may be performedby the control device. In this case, the control device may compareinformation necessary for user authentication prestored in the controldevice and information necessary for user authentication acquired fromthe terminal in order to perform user authentication and acquire aresult of the user authentication. Also, in another embodiment, whenuser authentication is performed by the server, the control device maytransmit at least some of the information necessary for userauthentication acquired from the terminal and information correspondingto the information necessary for user authentication acquired from theterminal in order for the server to perform the user authentication andmay acquire a result of the user authentication from the server.

In another embodiment, when the terminal is located in the second area,the control device may acquire the information necessary for userauthentication. However, the user authentication result may not beacquired until the operation mode of the control device is changed inoperation S200. Also, when the operation mode of the control device ischanged in operation S200, it may be confirmed that the user of theterminal intends to request user authentication, and thus no userauthentication result may be acquired. Also, in this case, the controldevice may acquire information necessary for user authentication fromthe user terminal before the terminal is located in the first area andmay acquire a user authentication result on the basis of the informationnecessary for user authentication acquired in advance from the terminalwhen the terminal is located in the first area. Thus, it is possible tomore quickly acquire a user authentication result.

Also, the control device may transmit a user authentication result tothe user terminal and perform processing corresponding to the userauthentication result. For example, the control device may control auser's access to a specific area, control a user's payment processing,control a user's use of a specific device, or control the operation modeof a specific device depending on the user authentication result.

FIG. 8 is a diagram illustrating the operation of a management systemaccording to another embodiment.

Referring to FIG. 8, the control method of the control device mayinclude determining whether a movable object is located in a first areausing a detection sensor (S1000), changing an operation mode of thecontrol device when it is determined that the movable object is locatedin the first area (S2000), acquiring user confirmation information(S3000), transmitting processing request information based on the userconfirmation information to a server (S4000), and acquiring a processingresult for the user confirmation information (S5000).

The above description in operations S100 and S200 of FIG. 7 can beapplied to operations S1000 and S2000, and thus a detailed descriptionthereof will be omitted.

In operation S300, the control device may acquire user confirmationinformation from a server or a terminal. Here, the user confirmationinformation may include a user authentication result. Specifically, theserver may acquire information necessary for user authentication fromthe control device or the terminal. Also, the server may perform userauthentication on the basis of the information necessary for userauthentication, generate user confirmation information including a userauthentication result, and transmit the generated user confirmationinformation to the terminal or the control device. When the userconfirmation information is transmitted to the terminal, the terminalmay transmit the user confirmation information to the control device.

Also, user authorization information (e.g., information on securityareas that users can access, information on items for which users canprocess payment, information on devices that users can use, informationon operation modes that users can control, etc.) may be included in theuser confirmation information.

Also, in some embodiments, the user confirmation information may begenerated in the form of a token. As an example, the user confirmationinformation may include at least one of user-specific information, userauthorization information, validity conditions (a valid period, a validarea, etc.), issuer information, or recipient information.

In another embodiment, the user authentication result may not beincluded in the user confirmation information. In this case, the controldevice may confirm that the user is located in the first area on thebasis of the user-specific information and may add confirmation resultinformation to the user confirmation information.

Also, in operation S4000, the control device may transmit processingrequest information based on the user confirmation information to theserver.

In an embodiment, when the user authentication result is included in theuser confirmation information, the processing request information basedon the user confirmation information may include a processing requestfor the user authentication result. Here, the processing for userauthentication may refer to a subsequent operation to be performed basedon the user authentication, such as controlling a user's access to aspecific area, controlling a user's payment processing, controlling auser's using a specific device, or controlling the operation mode of aspecific device depending on the user authentication result. Also, theprocessing request information based on the user confirmationinformation may include the user authentication result. The server mayperform the processing for the user authentication result on the basisof the user authentication result according to the processing requestinformation based on the user confirmation information.

Also, the processing request information based on the user confirmationinformation may include a request for determining whether to allow thecontrol device to perform processing corresponding to the userauthentication request result. In this case, the server may determinewhether to allow the control device to perform processing for the userauthentication request result on the basis of the user authenticationresult.

In another embodiment, the user authentication result is not included inthe user confirmation information, and information for confirming thatthe terminal is in the first area may be included in the userconfirmation information. Also, the processing request information basedon the user confirmation information may include a user authenticationrequest for performing user authentication on the basis userconfirmation information. Also, the control device may transmitinformation necessary for user authentication to the server, and theserver may perform user authentication on the basis of the informationnecessary for user authentication according to the user authenticationrequest.

Also, in operation S5000, the control device may acquire a processingresult for the user confirmation information. The processing result forthe user confirmation information may vary depending on the processingrequest information based on the user confirmation information. Forexample, the processing result for the user confirmation information mayinclude a result of processing the user authentication result, a resultof determining whether to allow the control device to perform processingfor the user authentication request result, a user authenticationresult, etc.

FIG. 9 is a sequence diagram illustrating the operation of a managementsystem according to an embodiment.

Referring to FIG. 9, when a terminal is located in a second area, a userof the terminal may not be located in a detection range of a detectionsensor. Thus, the control device may activate a second mode. Forexample, the second mode may include one of the above-described inactivemode, a first-area inactive mode, receiving mode, and peripheral mode.

Also, the terminal may determine whether the terminal is located in thesecond area. For example, it is assumed that the control device is inthe peripheral mode. When the terminal is located in a range in which anadvertising signal of the control device can be received, the terminalmay acquire the advertising signal from the control device, and theterminal may confirm that the terminal is located in the second area inresponse to acquiring the advertising signal. Also, as another example,the terminal may acquire a signal from a device capable of transmittinga signal to a first area rather than the control device and may confirmthat the terminal is located in the second area when the signal isacquired. As another example, the terminal may include a globalpositioning system (GPS) sensor and may determine whether the terminalis located in the first area using the GPS sensor. Also, the terminalmay acquire a user authentication request from a user through an inputunit of the terminal and may determine that the terminal is located inthe first area when the user authentication request is acquired from theuser. As an example, an application for user authentication may beinstalled in the terminal, and the terminal may determine that theterminal is located in the first area when the application is executedby the user or when a user authentication request is input through theapplication.

However, when it is determined that the terminal is located in thesecond area, the terminal may transmit user-specific information to aserver. Here, the user-specific information may refer to information foridentifying a user to perform user authentication, such as a user's or aterminal's identification information (unique identifier (UID), deviceidentifier (DID), etc.), identification information necessary forpayment processing (e.g., a user's card information, authenticationinformation corresponding to card information, etc.), and the like.

In this case, the terminal may transmit the user-specific information tothe server directly or via the control device. For example, when asecond mode of the control device is the inactive mode, the controldevice does not perform communication, and thus the terminal maytransmit the user-specific information to the server directly.

As another example, when the operation mode of the control device, whichis the second mode, is a first-area inactive mode, a receiving mode, ora peripheral mode, the control device may receive the user-specificinformation from the terminal and may transmit the user-specificinformation to the server.

The server may generate user confirmation information on the basis ofthe acquired user-specific information. The user confirmationinformation may include information for confirming that the user in thefirst area. Also, the user confirmation information may include a userauthentication result and authorization information indicating that auser has specific authority. For example, the server may determinewhether the user has specific authority using the user-specificinformation and user authorization information (e.g., information onsecurity areas that users can access, information on devices that userscan use, information on items for which users can process payment,information on operation modes that users can control, etc.). When aresult of the determination is that the user has the specific authority,the server may generate user confirmation information. That is, userauthentication may be performed by the server.

Also, the server may provide the user confirmation information to theterminal. As described above, the server may transmit the userconfirmation information to the terminal directly or via the controldevice. Also, when the terminal is located in the first area, a user ofthe terminal may be located in a detection range of a detection sensor,and thus the control device may activate a first mode. For example, thefirst mode may include one of the above-described active mode,first-area activation mode, transceiving mode, and peripheral mode.

Also, the terminal may determine whether the terminal is located in thefirst area. For example, the terminal may receive a signal indicatingthe first area from the control device or other devices and may confirmthat the terminal is located in the first area in response to thecorresponding signal. Also, the terminal may determine whether theterminal is located in the first area using the GPS sensor of theterminal. Also, the terminal may determine whether the terminal islocated in the first area on the basis of an input from the user.

Also, when the terminal communicates via Bluetooth and the terminal islocated in the second area, the control device may be set to be in theperipheral mode, the terminal may be set to be in the central mode, anda communication connection may be established therebetween.Subsequently, when the control device confirms that the terminal islocated in the first area, the control device may be set to be in thecentral mode, and thus the previously established communicationconnection may be terminated. As the communication connection with thecontrol device is terminated, the terminal may confirm that the terminalis located in the first area, and thus the operation mode may be set tothe peripheral mode.

Also, in some embodiments, the terminal may not determine whether theterminal is located in the first area. In this case, in response toacquiring the user confirmation information, the terminal may broadcastthe user confirmation information or transmit the user confirmationinformation to the control device to communicate with the controldevice. Also, when the terminal communicates via Bluetooth, the terminalmay change the operation mode to the peripheral mode after the userconfirmation information is acquired and thus may broadcast anadvertising signal to communicate with the control device.

Also, the terminal may transmit the user confirmation to the controldevice. It will be appreciated that the terminal may transmit some ofthe user confirmation information or information obtained by processingthe user confirmation information to the control device. However, forconvenience of description, the following description will focus on theterminal transmitting user confirmation information to the controldevice. However, the present invention is not limited thereto.

The control device may acquire the user confirmation information fromthe terminal and may acquire the user authentication result.

In an embodiment, user authentication may be performed by the server. Inthis case, the control device may transmit the processing requestinformation for the user confirmation information to the server. Here,the processing request information for the user confirmation informationmay refer to processing request information for the user authenticationor the processing request information based on the user confirmationinformation. It will be appreciated that the control device may transmitonly the user confirmation information to the server. However, forconvenience of description, the following description will focus on thecontrol device transmitting the processing request information for theuser confirmation information to the server, but the present inventionis not limited thereto.

The server may determine whether the processing request information forthe user confirmation information acquired from the control device isvalid. This may be to enhance security. For example, the userconfirmation information may be included in the processing requestinformation for the user confirmation information, and validityinformation may be included in the user confirmation information. Theserver may determine whether the user confirmation information acquiredfrom the control device is valid on the basis of the validityinformation. As an example, the validity information may be generated bythe server according to a predetermined rule when the server generatesthe user confirmation information. For example, the validity informationmay be a one-time password (OTP). The server may determine that the userconfirmation information is valid using the predetermined rule.

As another example, the server may determine whether the userconfirmation information acquired from the control device is identicalto user confirmation information previously transmitted to the terminaland may determine that the user confirmation is valid when the twopieces of information are identical to each other. For example, theserver may determine whether identification information of the userconfirmation information included in the user confirmation informationacquired from the control device is identical to identificationinformation of the user confirmation information included in the userconfirmation information transmitted to the terminal.

When it is determined that the processing request information for theuser confirmation information is valid, the server may performprocessing corresponding to the processing request information for theuser confirmation information. Here, the processing corresponding to theprocessing request information for the user confirmation information mayinclude the above-described processing corresponding to the userauthentication result.

As an example, when the processing corresponding to the processingrequest information for the user confirmation information is paymentprocessing, the payment processing may be performed by a payment module.Here, the payment module may be included in the server or other servers.In this case, identification information necessary for paymentprocessing (e.g., a user's card information, authentication informationcorresponding to card information, etc.) is included in the processingrequest information for the user confirmation information, oridentification information necessary for the payment processing may beprestored in the server. The server may provide the identificationinformation necessary for the payment processing to the payment module.The payment module may perform authentication on the payment processing,and the server may acquire a result of the authentication on the paymentprocessing from the payment module.

In another embodiment, when the processing request information for theuser confirmation information includes a user authentication request,the server may perform user authentication by determining whether a userhas specific authority. For example, user-specific information may beincluded in the processing request information for the user confirmationinformation, and the server may determine whether the user has specificauthority using the user-specific information and user authorizationinformation prestored in the server (e.g., information on security areasthat users can access, information on items for which users can processpayment, information on devices that users can use, information onoperation modes that users can control, etc.) to perform userauthentication.

The server may transmit the processing result for the user confirmationinformation to the control device, and the control device may perform anoperation corresponding to the processing result for the userconfirmation information and transmit the processing result for the userconfirmation information to the terminal.

Also, in another embodiment, user authentication may be performed by thecontrol device. Also, the control device may check whether the userconfirmation information received from the terminal is generated by theserver. This may be to enhance the security of user authentication. Forexample, validity information may be included in the user confirmationinformation received from the terminal, and the control device maydetermine whether the user confirmation information is valid on thebasis of the validity information. The validity information may begenerated by the server according to a predetermined rule when theserver generates the user confirmation information. For example, thevalidity information may be an OTP. The control device may pre-acquireinformation on the predetermined rule from the server and may determinewhether the user confirmation information is valid using thepredetermined rule.

Also, the control device may perform user authentication by determiningwhether the user has specific authority. For example, user-specificinformation may be included in the user confirmation information, andthe control device may determine whether the user has specific authorityusing the user-specific information and user authorization informationprestored in the control device (e.g., information on security areasthat users can access, information on devices that users can use,information on whether users can process payment, information onoperation modes that users can control, etc.) to perform userauthentication.

Also, when the specific authority is payment authority that allows theuser to process payment, user authentication for the payment authoritymay be performed by the payment module. Here, the payment module may beincluded in the control device or other devices (e.g., the server, otherservers, other payment devices, etc.). In this case, identificationinformation necessary for payment processing (e.g., a user's cardinformation, authentication information corresponding to cardinformation, etc.) may be included in the user confirmation informationor stored in the control device. The control device may provide theidentification information necessary for the payment processing to thepayment module. The payment module may perform the user authenticationfor the payment authority, and the control device may acquire a userauthentication result for the payment authority from the payment module.

The control device may perform processing corresponding to the userauthentication result and may transmit the user authentication result tothe terminal.

FIG. 10 is a sequence diagram illustrating the operation of a managementsystem according to another embodiment.

Referring to FIG. 10, a control device and a terminal may communicate ina wireless communication manner, such as via Bluetooth (or BLE). Whenthe terminal is located in the second area, a user of the terminal maynot be located in a detection range of a detection sensor. Thus, theoperation mode of the control device may be set to the peripheral mode,and the operation mode of the terminal may be set to the central mode.Thus, the control device may broadcast an advertising signal. Theterminal may perform a scanning operation to transmit a connectionrequest signal to the control device. Subsequently, the control deviceand the terminal may recognize each other so that a communicationconnection can be established between the control device and theterminal.

Also, since the operation mode of the control device is the peripheralmode, no user authentication result may be acquired by the controldevice. However, the control device may acquire at least some of theinformation necessary for user authentication from the terminal. Thismay be to improve the speed of acquiring the user authentication resultto be performed later.

Also, as another example, the control device may include the firstcommunication unit and second communication unit which have beendescribed above. Here, the first communication unit may operate in thecentral mode, and the second communication unit may operate in theperipheral mode. Accordingly, when it is determined that the user of theterminal is not located in the detection range of the detection sensor,the control device may drive the second communication unit withoutdriving the first communication unit. Thus, the control device cancommunicate, through the second communication unit, with a terminal thatis located in the second area and that operates in the central mode andcannot communicate with a terminal that is located in the first area andthat operates in the peripheral mode.

Also, when the terminal is located in the first area and the user of theterminal is located in the detection range of the detection sensor, theoperation mode of the control device may be set to the central mode, andthe operation mode of the terminal may be set to the peripheral mode.That is, the operation modes of the control device and the terminal maybe switched according to the location of the terminal.

As a specific example, the control device may terminate the previouslyestablished communication connection by changing the operation mode tothe central mode. Thus, the terminal may confirm that the terminal islocated at a first position and change the operation mode to theperipheral mode.

The terminal may broadcast an advertising signal, and the control devicemay perform a scanning operation to transmit a connection request signalto the control device. Subsequently, the control device and the terminalmay recognize each other so that a communication connection can beestablished between the control device and the terminal.

Also, in an embodiment, the control device may determine whether theterminal with which communication is established when the control deviceis in the peripheral mode is identical to a terminal by which theadvertising signal is received when the control device is in the centralmode. For example, the control device may acquire the user's or theterminal's identification information (e.g., UID, DID, etc.) from theterminal when the control device is in the peripheral mode and mayacquire the user's or the terminal's identification information from theterminal even when the control device is in the central mode. Thecontrol device may determine whether the two pieces of identificationinformation of the user or terminal received at different times areidentical and may establish a communication connection when the twopieces of information are identical and also the control device is inthe central mode.

Also, as another example, when the user of the terminal is located inthe detection range of the detection sensor, the control device maydrive both of the first communication unit and second communication unitwhich have been described above.

Thus, the control device can communicate, through the secondcommunication unit, with a terminal that is located in the second areaand that operates in the central mode and can communicate, through thefirst communication unit, with a terminal that is located in the firstarea and that operates in the peripheral mode.

The description with reference to FIGS. 6 to 9 can be applied to thesubsequent operations, and thus a detailed description thereof will beomitted.

FIG. 11 is a flowchart illustrating a control method of a terminalaccording to an embodiment.

Referring to FIG. 11, the control method of the terminal may includeproviding user-specific information of the terminal to a server(S10000), acquiring user confirmation information based on theuser-specific information from the server (S20000), providing the userconfirmation information to a control device (S30000), and acquiring aresult of processing the user confirmation information from the controldevice (S40000). The description with reference to FIGS. 6 to 10 can beapplied to operations S10000 to S40000, and thus a detailed descriptionthereof will be omitted.

According to the present disclosure, it is possible to enhance theaccuracy and security of user authentication regardless of terminalperformance.

Also, according to the present disclosure, it is possible to shorten thetime taken for performing user authentication and processingcorresponding to the user authentication.

Advantageous effects of the invention are not limited to theaforementioned effects, and other advantageous effects that are notdescribed herein will be clearly understood by those skilled in the artfrom the following description and the accompanying drawings.

The various embodiments described above may be implemented as a softwareprogram including an instruction stored on machine-readable (e.g.,computer-readable) storage media. The machine is a device which iscapable of calling a stored instruction from the storage medium andoperating according to the called instruction, and may include anelectronic device according to the embodiments described above. When theinstruction is executed by a processor, the processor may perform afunction corresponding to the instruction directly or using othercomponents under the control of the processor. The instruction mayinclude a code which is generated or executed by a compiler or aninterpreter. The machine-readable storage media may be provided in theform of non-transitory storage media. Herein, the term “non-transitory”only denotes that a storage medium does not include a signal but istangible, and does not distinguish data semi-permanently stored in astorage medium from data temporarily stored in a storage medium.

According to an embodiment of the present disclosure, the methodaccording to the various embodiments described above may be provided asbeing included in a computer program product. The computer programproduct may be traded as a product between a seller and a consumer. Thecomputer program product may be distributed online in the form ofmachine-readable storage media (e.g., compact disc read only memory(CD-ROM)) or through an application store (e.g., Play Store™). As foronline distribution, at least a part of the computer program product maybe at least temporarily stored in a server of a manufacturer, a serverof an application store, or a storage medium such as memory, or may betemporarily generated.

Although the present disclosure has been described with reference tospecific embodiments and drawings, it will be appreciated that variousmodifications and changes can be made from the disclosure by thoseskilled in the art. For example, appropriate results may be achievedalthough the described techniques are performed in an order differentfrom that described above and/or although the described components suchas a system, a structure, a device, or a circuit are combined in amanner different from that described above and/or replaced orsupplemented by other components or their equivalents.

Therefore, other implementations, embodiments, and equivalents arewithin the scope of the following claims.

What is claimed is:
 1. A control method of a control device, the controlmethod comprising: determining whether a movable object is located in afirst area using a detection sensor; activating a first mode amongoperation modes of the control device when it is determined that themovable object is located in the first area; acquiring user confirmationinformation from a terminal when the first mode is activated, whereinthe user confirmation information corresponds to user-specificinformation stored in the terminal and is provided to the terminal by aserver before the terminal provides the user confirmation information tothe control device; transmitting processing request information based onthe user confirmation information to the server so that the serverperforms processing on the user confirmation information; acquiring aprocessing result for the user confirmation information from the server;and providing the processing result for the user confirmationinformation to the terminal.
 2. The control method of claim 1, whereinthe operation mode of the control device is set to a second mode when itis not determined that the movable object is located in the first area.3. The control method of claim 2, wherein the first mode comprises anactive mode in which the control device is allowed to communicate with aterminal present in the first area, and wherein the second modecomprises an inactive mode in which the control device is not allowed tocommunicate with a terminal present in the first area.
 4. The controlmethod of claim 2, wherein when the first mode is activated, the controldevice communicates with a terminal present in the first area and aterminal present in a second area indicating a predeterminedcommunication area other than the first area, and wherein when thesecond mode is activated, the control device communicates with aterminal present in the second area without communicating with aterminal in the first area.
 5. The control method of claim 2, whereinthe control device comprises: a first communication unit configured tocommunicate with a terminal present in the first area; and a secondcommunication unit configured to communicate with a terminal present inthe second area, and wherein the control unit performs control to drivethe first communication unit and the second communication unit when thefirst mode is activated, and wherein the control unit performs controlto drive the second communication unit without driving the firstcommunication unit when the second mode is activated.
 6. The controlmethod of claim 3, wherein the user-specific information comprises atleast one of identification information of the terminal, identificationinformation of a user of the terminal, or information necessary for userauthentication.
 7. The control method of claim 2, wherein the first modecomprises a central mode in which the control device receives anadvertising signal from the terminal and scans the terminal in responseto receiving the advertising signal, and wherein the second modecomprises a peripheral mode in which the control device transmits anadvertising signal to the terminal and is scanned by the terminal inresponse to transmitting the advertising signal.
 8. The control methodof claim 5, wherein the first communication unit operates in a centralmode in which the control device receives an advertising signal from theterminal and scans the terminal in response to receiving the advertisingsignal, and wherein the second communication unit operates in aperipheral mode in which the control device transmits an advertisingsignal to the terminal and is scanned by the terminal in response totransmitting the advertising signal.
 9. The control method of claim 1,wherein the determining whether a movable object is located in a firstarea using a detection sensor comprises acquiring a detection signalfrom the detection sensor when the movable object is located in thefirst area and determining that the movable object is located in thefirst area when the detection signal is acquired.
 10. The control methodof claim 1, wherein the user confirmation information comprises a resultfor user authentication that is performed by the server based on theuser-specific information, and wherein the processing requestinformation based on the user confirmation information comprises aprocessing request for a result of the user authentication.
 11. Thecontrol method of claim 1, wherein the user confirmation informationcomprises information for confirming that the terminal is in the firstarea, wherein the processing request information based on the userconfirmation information comprises a user authentication request thatrequests the server to perform user authentication based on the userconfirmation information, and wherein the processing result for the userconfirmation information comprises a result of the user authentication.12. A control method of a terminal, the control method comprising:providing user-specific information of the terminal to a server;acquiring user confirmation information based on the user-specificinformation from the server; providing the user confirmation informationto a control device, wherein the user confirmation information isreceived by the control device when the terminal is located in a firstarea and the control device confirms that a movable object is located inthe first area through a detection sensor placed inside or near thecontrol device; and acquiring a processing result for the userconfirmation information from the control device when processing requestinformation based on the user confirmation information is provided fromthe control device to the server so that processing of the userconfirmation information is performed by the server.
 13. The controlmethod of claim 12, wherein the providing of user-specific informationof the terminal to a server comprises transmitting the user-specificinformation of the terminal from the control device to the server in asecond area indicating a predetermined communication area other than thefirst area.
 14. The control method of claim 12, wherein the providing ofuser-specific information of the terminal to a server comprisestransmitting the user-specific information of the terminal to thecontrol device so that the user-specific information of the terminal istransmitted to the server.
 15. The control method of claim 13, whereinthe providing of user-specific information of the terminal to a servercomprises determining whether the terminal is located in the second areaand providing the user-specific information of the terminal to theserver when it is determined that the terminal is located in the secondarea.
 16. The control method of claim 15, wherein the transmitting ofthe user-specific information of the terminal to the server comprisesconfirming a location of the terminal using at least one of a signalreceived from the control device, a signal received from an externaldevice, or a signal acquired from a global positioning system (GPS)sensor included in the terminal and determining whether the terminal islocated in the second area on the basis of the confirmed location of theterminal.
 17. A non-transitory computer-readable medium having recordedthereon a program for performing the method according to claim
 1. 18. Anon-transitory computer-readable medium having recorded thereon aprogram for performing the method according to claim 12.